CVE-2020-6418

Published: 27/02/2020 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 686
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Type confusion in V8 in Google Chrome before 80.0.3987.122 allowed a remote malicious user to potentially exploit heap corruption via a crafted HTML page.

Vulnerable Product

google chrome

fedoraproject fedora 30

fedoraproject fedora 31

redhat enterprise linux desktop 6.0

redhat enterprise linux server 6.0

redhat enterprise linux workstation 6.0

debian debian linux 9.0

debian debian linux 10.0

Vendor Advisories

Synopsis: Important: chromium-browser security update. Type/Severity: Security Advisory: Important. Topic: An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability S ...
Several vulnerabilities have been discovered in the chromium web browser. CVE-2019-19880: Richard Lorenz discovered an issue in the sqlite library. CVE-2019-19923: Richard Lorenz discovered an out-of-bounds read issue in the sqlite library. CVE-2019-19925: Richard Lorenz discovered an issue in the sqlite library. CVE-2019-19926: Ri ...
A type confusion vulnerability has been found in the V8 component of chromium before 80.0.3987.122 ...
The stable channel has been updated to 80.0.3987.122 for Windows, Mac, and Linux, which will roll out over the coming days/weeks. A list of all changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The community help forum is also a great pla ...

Exploits

This Metasploit module exploits an issue in Google Chrome version 80.0.3987.87 (64 bit). The exploit corrupts the length of a float array (float_rel), which can then be used for out of bounds read and write on adjacent memory. The relative read and write is then used to modify a UInt64Array (uint64_aarw) which is used for read and writing from abso ...

    ##
    # This module requires Metasploit: metasploit.com/download
    # Current source: github.com/rapid7/metasploit-framework
    ##
    class MetasploitModule < Msf::Exploit::Remote
      Rank = ManualRanking
      include Msf::Post::File
      include Msf::Exploit::Remote::HttpServer
      def initialize(info = {})
        super(update_info(info, 'Name' ...

Github Repositories

PoC of CVE

CVE-2020-6418: PoC of CVE-2020-6418. This PoC works under 80.0.3987.122. You can see more detailed information here (PoC codes are also from the link).

CVE-2020-6418: The CVE 2020-6418 is about the type confusion in V8 in Google Chrome. The affected versions were prior to 80.0.3987.122. The vulnerability is achieved by a remote attacker accessing the shell of a target device via a crafted HTML page. Environment Requirements: Google Chrome with version prior to 80.0.3987.122. Note: The Google Chrome browser should run with no

Browser Content WebKit bug 191731 CVE-2016-4622 V8 CTF starCTF 2019 OOB 35C3CTF krautflare CVE CVE-2020-6418

Recent Articles

IT threat evolution Q1 2020. Statistics
Securelist • Victor Chebyshev Fedor Sinitsyn Denis Parinov Oleg Kupreev Evgeny Lopatin Alexey Kulaev • 20 May 2020

These statistics are based on detection verdicts for Kaspersky products received from users who consented to providing statistical data. According to Kaspersky Security Network, Q1 2020 will be remembered primarily for the coronavirus pandemic and cybercriminals’ exploitation of the topic. In particular, the creators of a new modification of the Ginp banking trojan renamed their malware Coronavirus Finder and then began offering it for €0.75 disguised as an app supposedly capable of detectin...

Mind the gap: Google patches holes in Chrome – exploit already out there for one of them after duo spot code fix
The Register • Thomas Claburn in San Francisco • 25 Feb 2020

Pair engineer malicious code from public source tweak before official binary releases

Google has updated Chrome for Linux, Mac, and Windows to address three security vulnerabilities – and exploit code for one of them is already public, so get patching. In a release note on Monday, Krishna Govind, a test engineer at Google, said Chrome version 80.0.3987.122 addresses three flaws identified by various researchers. Each is rated high severity. One, reported by André Bargull, is an integer-overflow bug in International Components for Unicode (ICU), a set of libraries for C/C++ and...